Read only_db restriction from a dedicated session key

da_login.php now stores the ticket's restrict_db into
DA_MYSQL_PHPMYADMIN_RESTRICT_DB, and config.inc.php's only_db builder
reads that key instead of the landing-page db field, so an
all-databases login (empty restrict_db) leaves phpMyAdmin unrestricted.
This commit is contained in:
Marek Miklewicz
2026-07-04 21:31:02 +02:00
parent 9a5781e5ed
commit 766380c9eb
2 changed files with 21 additions and 2 deletions
+2 -2
View File
@@ -353,8 +353,7 @@ function da_mysql_phpmyadmin_only_db(): string
session_name($sessionName);
session_id($sessionId);
session_start();
$auth = $_SESSION['DA_MYSQL_PHPMYADMIN_AUTH'] ?? [];
$db = is_array($auth) ? (string)($auth['db'] ?? '') : '';
$db = (string)($_SESSION['DA_MYSQL_PHPMYADMIN_RESTRICT_DB'] ?? '');
session_write_close();
return $db;
@@ -515,6 +514,7 @@ session_set_cookie_params([
]);
session_start();
$_SESSION['DA_MYSQL_PHPMYADMIN_AUTH'] = $ticket['auth'];
$_SESSION['DA_MYSQL_PHPMYADMIN_RESTRICT_DB'] = (string)($ticket['restrict_db'] ?? '');
session_write_close();
header('Cache-Control: no-store, no-cache, must-revalidate');